September, 2015

While Metasploit is a great framework for conducting penetration tests, its popularity hasn’t gone unnoticed by anti-virus (a/v) vendors. Standard Metasploit payload executables started getting flagged by a/v products in 2009 and are now picked up by a majority of the a/v products on the market. If you can’t get your payload past your client’s a/v software, you just might find yourself dead in the water before you’ve even begun.

The problem is that professional malware writers, organized crime, and nation-state actors have no trouble breezing past a/v software, and have been successfully bypassing these solutions for years. We, as penetration testers, find ourselves getting flagged because we use popular tools that are well known to a/v vendors. In this post, we will explore the topic of a/v evasion.